Monday, April 4, 2011

ConfigMgr 2007 Post-SP2 Hotfixes

Hotfixes, bug fixes, patches, or whatever you want to call them are an inevitability with any size of software project and ConfigMgr is no exception – if anyone disagrees then they have never written a line of code in their life. Here’s my current list of notable post SP2 hotfixes for ConfigMgr 2007:
KB Number Title
977203 1
User state migration fails on a SCCM 2007 SP1 client or on a SCCM 2007 SP2 client after you install security update 974571
Prerequisite hotfix for System Center Configuration Manager 2007 R3
The Distribution Manager that is in System Center Configuration Manager 2007 SP2 does not honor the "Number of retries" and "Delay before retrying (minutes)" retry settings
You cannot import a driver into an OSD image if the driver is signed for only the Windows 7 operating system in SCCM 2007 SP2
The second Search paths may not discovered when you enable the Active Directory System Discovery method or the Active Directory User Discovery method that runs on a System Center Configuration Manager 2007 SP2 site server
The computer associations are not created by the import computer information wizard in SCCM 2007 Service pack 2
The "Backup ConfigMgr Site Server" task fails on a ConfigMgr 2007 site server
The handle count and memory usage of Smsexec.exe keeps increasing in System Center Configuration Manager 2007 SP2
A System Center Configuration Manager 2007 SP2 site server randomly stops processing status messages
You cannot import a driver package into a System Center Configuration Manager 2007 SP2 site if one or more driver files in the package are already imported into the site
The Active Directory system discovery process cannot detect a client if the DNS suffix of the client differs from its DNS domain name in System Center Configuration Manager 2007 SP2
Hotfix rollup for Asset Intelligence compatibility issues with new products in System Center Configuration Manager 2007 SP2: November 2010

1 977203 is superseded by 977384 but you still may need the certfix tool from 977203: KB977384 Supersedes KB977203.
2 Also has a client component
You must download each of the above updates directly from Microsoft via the hotfix request system; there are no direct links to them. Each KB contains a link near the top that takes you to the hotfix request page for that particular hotfix.

When I run updates on a site system, I always run them from a command-line for two reasons:
  1. UAC. Using UAC on a server is very debatable but if it is on, the only way (that I know of) to install an MSI elevated is to run an elevated command-prompt and then execute the MSI from there. Note that although you can (shift-)right-click on an MSI and get the Run As options, these don’t actually effect the execution of msiexec.
  2. To enable logging. I always watch the log while installing updates because each update shuts down services including ConfigMgr services, WMI, and other dependent services (each update shuts down slightly different things). Sometimes, the services can’t be stopped for whatever reason. I have seen WMI fail to shutdown and then immediately re-run the update and it shuts down fine. I have also seen dependent services fail to be shut down and have to be manually “killed”; most notably Trend Micro anti-virus. Without watching the log (using Trace32 of course) I wouldn’t know why the update is getting stuck. The command-line for this is simply the following:
msiexec /I filename.msi /l*v filename.log /q
On new installations, I place all of the updates into a single folder and use a script (run from the same folder as the hotfixes) to kick each one off and then kick off trace32 automatically:
FOR /f "tokens=*" %%G IN ('dir /b *.msi') DO (
start /D %~dp0 /B msiexec /I %%G /l*v %%G.log /q
ping -n 1 -w 1000 > nul
"C:\Program Files (x86)\ConfigMgr 2007 Toolkit V2\Trace32.exe" "%~dp0%%G.log"
The script iterates over each MSI in the folder and does the following (for each):
  1. Echoes the MSI name
  2. Runs the MSI in a separate, new command shell and creates the log file
  3. Waits for 1 second (there is no batch file wait or sleep command but the ping command does the trick nicely)
  4. Launches trace32 automatically loading the log file from the current MSI so that you can watch it (make sure that you modify the path of for Trace32 for your installation)
  5. Waits for trace32 to exit before it goes to the next MSI
To my knowledge, all of the above updates are completely independent of one another and have never found a reason to order them any particular way during installation; the script will run them in normal command-shell directory sort order.